CCleaner 5.33 and CCleaner Cloud version 1.07.3191 Under Malware Attack

We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.

Technical descriptionAn unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems.

While more articles on this subject can be found on Spiceworks, a very commendable article about the incident was published by the The Thalos group who first discovered the breach into Avast’s servers.

Posted by Rafiki Technology

We learned a ton in school, on the job, but also from great technical insights that others shared on various platforms. We are just giving it back and glorifying Jesus Christ, the Inventor of all human beings.
Please note that all information shared on or through our site is of good faith and is not intended to cause any harm individuals, groups, organizations, or devices. Just to be clear: you assume all responsibility for anything you do; we are not liable for anything that should go wrong.

DISCLAIMER: USE OUR SITE AT YOUR OWN RISK

Anything we suggest here is of good faith and is to be taken as a mere piece of information for you to take or not take. You are not bound to use any of our insights. Just to be clear: you assume all responsibility for anything you do; we are not liable for anything that should go wrong. Should all go well, please recommend us to your friends.